| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python |
| Date: | 2010-03-22 23:48:04 |
| Message-ID: | 1269301684.14588.33.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On mån, 2010-03-22 at 19:29 -0400, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > I have never used Tcl before just now, and the documentation is sketchy,
> > but it looks like the behavior of Tcl is kind of mixed in this area.
>
> > Escapes such as "\xd0" are apparently converted to Unicode code points
> > rather than bytes when the appropriate OS locale is set. So that is
> > safe. Except that it doesn't work in some locale/charset setups, such
> > as EUC_JP. To adapt Hannu's original example:
>
> The pltcl code special-cases Unicode IIRC.
You can observe the equivalent behavior in tclsh, so this isn't pltcl at
work here.
One might argue that the leak is really somewhere in Tcl, since it
allows this kind of thing while claiming to use Unicode. But that
doesn't really help us ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Takahiro Itagaki | 2010-03-23 01:29:22 | pgsql: Each worker thread will have its own log file in pgbench to avoid |
| Previous Message | Tom Lane | 2010-03-22 23:29:53 | Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Takahiro Itagaki | 2010-03-23 00:57:31 | Re: WIP: preloading of ispell dictionary |
| Previous Message | Josh Berkus | 2010-03-22 23:39:27 | Re: 9.0 release notes done |